[CentOS] Critical update for bash released today.
James Hogarth
james.hogarth at gmail.comFri Sep 26 06:28:27 UTC 2014
- Previous message: [CentOS] Critical update for bash released today.
- Next message: [CentOS] Critical update for bash released today.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 26 Sep 2014 05:46, "Cliff Pratt" <enkiduonthenet at gmail.com> wrote: > > Take the case of an Apache Bash CGI. This will have been loaded when Apache > started, so Apache will have to be restarted to get the new one. There may > be other similar cases. So the best thing is to reboot. > This is false and a major misunderstanding of the vulnerability. 1) the vulnerability is just during initialisation of bash. Once it is running it is beyond the vulnerable stage and needs no restarting 2) in a CGI of #!/bin/bash or for a system call with any other language for CGI bash gets executed on demand... It does not do what you say...
- Previous message: [CentOS] Critical update for bash released today.
- Next message: [CentOS] Critical update for bash released today.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list